Sunday 8 March 2015

Difference between chcon and semanage command

chcon command:

The chcon command is used to change the SELinux context of files. Changes made with this command do not survive a file system relabel or the execution of the restorecon command. In other words, chcon changes the context only temporarily: once restorecon is run, the context is reset. When using chcon, users provide all or part of the SELinux context to change.

#chcon -t context_type file_name
Run this command to change the SELinux context of a file.

#chcon -R -t context_type directory_name
Run this command to recursively change the SELinux context of a directory and its contents.

#ls -Z file_name/directory_name
Use this command to view the SELinux context of a file or directory.

semanage command:

The 'semanage fcontext' command is used to change the SELinux context of a file or directory persistently. When using the targeted policy, changes are written to files located in the /etc/selinux/targeted/contexts/files/ directory.
The file_contexts file specifies default contexts for many files.
The file_contexts.local file stores contexts for newly created files and directories that are not found in the file_contexts file.
Two utilities read these files: the setfiles utility is used when the file system is relabeled, and the restorecon utility restores the default SELinux contexts. This means that changes made by semanage fcontext are persistent, even if the file system is relabeled.

#semanage fcontext -a options file_name|directory_name
Use this command to set the SELinux context for the given file or directory.

#restorecon -v file_name|directory_name
Use this command to apply the context changes.
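
An added example (not part of the original post): a small shell filter that reads the output of a restorecon dry run (-n -v) and lists files whose current type differs from the default in file_contexts or file_contexts.local. These are labels set with chcon that a relabel would reset, or semanage fcontext rules that have not been applied yet. The function names, the sample lines and the two message formats handled are assumptions; the wording of restorecon messages depends on the policycoreutils version.

```shell
#!/bin/sh
# Read "restorecon -n -v" output on stdin and print one line per file:
#   path current_type default_type
# Message formats handled (assumed, they differ between versions):
#   Would relabel PATH from OLD to NEW
#   restorecon reset PATH context OLD->NEW
# Paths containing spaces are not handled.
label_drift() {
    awk '
        # The type is the third field of user:role:type:level.
        function ctype(ctx,   f) { split(ctx, f, ":"); return f[3] }
        $1 == "Would" && $2 == "relabel" && $4 == "from" && $6 == "to" {
            print $3, ctype($5), ctype($7); next
        }
        $1 == "restorecon" && $2 == "reset" && $4 == "context" {
            n = index($5, "->")
            if (n > 0)
                print $3, ctype(substr($5, 1, n - 1)), ctype(substr($5, n + 2))
        }
    '
}

# Constructed sample output, not captured from a real system.
# Line 1: a semanage fcontext rule exists but restorecon has not been run.
# Line 2: a type set with chcon that a relabel would undo.
SAMPLE='Would relabel /web/index.html from unconfined_u:object_r:default_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /srv/data/report.txt context unconfined_u:object_r:samba_share_t:s0->unconfined_u:object_r:var_t:s0
some unrelated line'

sample_drift() { printf '%s\n' "$SAMPLE" | label_drift; }

# Demo on the constructed sample. On an SELinux host, as root:
#   restorecon -R -n -v /web | label_drift
sample_drift
```

Any file listed with a type you set on purpose with chcon needs a matching semanage fcontext rule, otherwise the next relabel will revert it.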
